You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The subscription resource type requires a parameter access_secret which is stored in the state file in plaintext. While the state file can be encrypted, Terraform's own iam_access_key resource suggest supplying a PGP key that can be used to additionally encrypt the secret before storing it in state.
Terraforms management of secrets in state does seem to cause a fair bit of debate - and it has been proposed that some encrypt / decrypt interpolation functions should be added to Terraform core hashicorp/terraform#15434.
I'm not sure if maybe there is a middle-ground position that we could take in the meantime? Perhaps adding another optional parameters access_secret_encrypted?
The text was updated successfully, but these errors were encountered:
The subscription resource type requires a parameter
access_secret
which is stored in the state file in plaintext. While the state file can be encrypted, Terraform's owniam_access_key
resource suggest supplying a PGP key that can be used to additionally encrypt the secret before storing it in state.Terraforms management of secrets in state does seem to cause a fair bit of debate - and it has been proposed that some encrypt / decrypt interpolation functions should be added to Terraform core hashicorp/terraform#15434.
I'm not sure if maybe there is a middle-ground position that we could take in the meantime? Perhaps adding another optional parameters
access_secret_encrypted
?The text was updated successfully, but these errors were encountered: